What are the dangers of using snap's classic confinement?












0














While following a video tutorial on Linux bash scripting, the teacher uses atom for editor.



When I did I tried to install atom :



*sudo snap install atom*


I got the message:



error: This revision of snap "atom" was published using classic confinement and thus may perform
arbitrary system changes outside of the security sandbox that snaps are usually confined to,
which may put your system at risk.
If you understand and want to proceed repeat the command including --classic.



What would you do/suggest?






ubuntu snap atom







share|improve this question









New contributor




Philippe Moisan is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.




















  • Thanks for clarifying my question, Sparhawk. :)
    – Philippe Moisan
    36 mins ago
















0














While following a video tutorial on Linux bash scripting, the teacher uses atom for editor.



When I did I tried to install atom :



*sudo snap install atom*


I got the message:



error: This revision of snap "atom" was published using classic confinement and thus may perform
arbitrary system changes outside of the security sandbox that snaps are usually confined to,
which may put your system at risk.
If you understand and want to proceed repeat the command including --classic.



What would you do/suggest?






ubuntu snap atom







share|improve this question









New contributor




Philippe Moisan is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.




















  • Thanks for clarifying my question, Sparhawk. :)
    – Philippe Moisan
    36 mins ago














0












0








0







While following a video tutorial on Linux bash scripting, the teacher uses atom for editor.



When I did I tried to install atom :



*sudo snap install atom*


I got the message:



error: This revision of snap "atom" was published using classic confinement and thus may perform
arbitrary system changes outside of the security sandbox that snaps are usually confined to,
which may put your system at risk.
If you understand and want to proceed repeat the command including --classic.



What would you do/suggest?






ubuntu snap atom







share|improve this question









New contributor




Philippe Moisan is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











While following a video tutorial on Linux bash scripting, the teacher uses atom for editor.



When I did I tried to install atom :



*sudo snap install atom*


I got the message:



error: This revision of snap "atom" was published using classic confinement and thus may perform
arbitrary system changes outside of the security sandbox that snaps are usually confined to,
which may put your system at risk.
If you understand and want to proceed repeat the command including --classic.



What would you do/suggest?






ubuntu snap atom




ubuntu snap atom






share|improve this question









New contributor




Philippe Moisan is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











share|improve this question









New contributor




Philippe Moisan is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









share|improve this question




share|improve this question








edited 56 mins ago









Sparhawk

9,34663991




9,34663991






New contributor




Philippe Moisan is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









asked 8 hours ago









Philippe MoisanPhilippe Moisan

82




82




New contributor




Philippe Moisan is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





New contributor





Philippe Moisan is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.






Philippe Moisan is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.












  • Thanks for clarifying my question, Sparhawk. :)
    – Philippe Moisan
    36 mins ago


















  • Thanks for clarifying my question, Sparhawk. :)
    – Philippe Moisan
    36 mins ago
















Thanks for clarifying my question, Sparhawk. :)
– Philippe Moisan
36 mins ago




Thanks for clarifying my question, Sparhawk. :)
– Philippe Moisan
36 mins ago










1 Answer
1






active

oldest

votes


















0














This is answered well in snapcraft's official documentation.



In the interest of time, here is the pertinent portion:





Classic confinement is effectively un-confining the applications inside a snap. Applications which use classic confinement have the
same full system access as traditionally packaged applications.
Classic confinement is intended as a stop-gap measure to enable
developers to publish applications which need more access than the
current set of interfaces enable. Over time, as more interfaces are
developed, snap publishers can migrate away from classic confinement
to strict.




Classically confined snaps must be reviewed by the snap store
reviewers team before they can be published in the stable channel.
Snaps which use classic confinement may be rejected if they don’t meet
the requirements.



Users should not attempt to override a strictly confined snap to make
it ‘classic’ as this undoes the confinement and interfaces defined by
the developer. In addition applications published as strict snaps may
misbehave when installed with the ‘–classic’ switch.




As for a recommendation, you'll need to weigh the risks in your own mind. Consider the publisher of the software, their reputation/recognition and the fact that classic confinement snaps are reviewed before being published. Classic confinement is not all that different than having done a traditional apt install in terms of the access it allows to the program.






share|improve this answer





















    Your Answer








    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "106"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: false,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });






    Philippe Moisan is a new contributor. Be nice, and check out our Code of Conduct.










    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f493033%2fwhat-are-the-dangers-of-using-snaps-classic-confinement%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    0














    This is answered well in snapcraft's official documentation.



    In the interest of time, here is the pertinent portion:





    Classic confinement is effectively un-confining the applications inside a snap. Applications which use classic confinement have the
    same full system access as traditionally packaged applications.
    Classic confinement is intended as a stop-gap measure to enable
    developers to publish applications which need more access than the
    current set of interfaces enable. Over time, as more interfaces are
    developed, snap publishers can migrate away from classic confinement
    to strict.




    Classically confined snaps must be reviewed by the snap store
    reviewers team before they can be published in the stable channel.
    Snaps which use classic confinement may be rejected if they don’t meet
    the requirements.



    Users should not attempt to override a strictly confined snap to make
    it ‘classic’ as this undoes the confinement and interfaces defined by
    the developer. In addition applications published as strict snaps may
    misbehave when installed with the ‘–classic’ switch.




    As for a recommendation, you'll need to weigh the risks in your own mind. Consider the publisher of the software, their reputation/recognition and the fact that classic confinement snaps are reviewed before being published. Classic confinement is not all that different than having done a traditional apt install in terms of the access it allows to the program.






    share|improve this answer


























      0














      This is answered well in snapcraft's official documentation.



      In the interest of time, here is the pertinent portion:





      Classic confinement is effectively un-confining the applications inside a snap. Applications which use classic confinement have the
      same full system access as traditionally packaged applications.
      Classic confinement is intended as a stop-gap measure to enable
      developers to publish applications which need more access than the
      current set of interfaces enable. Over time, as more interfaces are
      developed, snap publishers can migrate away from classic confinement
      to strict.




      Classically confined snaps must be reviewed by the snap store
      reviewers team before they can be published in the stable channel.
      Snaps which use classic confinement may be rejected if they don’t meet
      the requirements.



      Users should not attempt to override a strictly confined snap to make
      it ‘classic’ as this undoes the confinement and interfaces defined by
      the developer. In addition applications published as strict snaps may
      misbehave when installed with the ‘–classic’ switch.




      As for a recommendation, you'll need to weigh the risks in your own mind. Consider the publisher of the software, their reputation/recognition and the fact that classic confinement snaps are reviewed before being published. Classic confinement is not all that different than having done a traditional apt install in terms of the access it allows to the program.






      share|improve this answer
























        0












        0








        0






        This is answered well in snapcraft's official documentation.



        In the interest of time, here is the pertinent portion:





        Classic confinement is effectively un-confining the applications inside a snap. Applications which use classic confinement have the
        same full system access as traditionally packaged applications.
        Classic confinement is intended as a stop-gap measure to enable
        developers to publish applications which need more access than the
        current set of interfaces enable. Over time, as more interfaces are
        developed, snap publishers can migrate away from classic confinement
        to strict.




        Classically confined snaps must be reviewed by the snap store
        reviewers team before they can be published in the stable channel.
        Snaps which use classic confinement may be rejected if they don’t meet
        the requirements.



        Users should not attempt to override a strictly confined snap to make
        it ‘classic’ as this undoes the confinement and interfaces defined by
        the developer. In addition applications published as strict snaps may
        misbehave when installed with the ‘–classic’ switch.




        As for a recommendation, you'll need to weigh the risks in your own mind. Consider the publisher of the software, their reputation/recognition and the fact that classic confinement snaps are reviewed before being published. Classic confinement is not all that different than having done a traditional apt install in terms of the access it allows to the program.






        share|improve this answer












        This is answered well in snapcraft's official documentation.



        In the interest of time, here is the pertinent portion:





        Classic confinement is effectively un-confining the applications inside a snap. Applications which use classic confinement have the
        same full system access as traditionally packaged applications.
        Classic confinement is intended as a stop-gap measure to enable
        developers to publish applications which need more access than the
        current set of interfaces enable. Over time, as more interfaces are
        developed, snap publishers can migrate away from classic confinement
        to strict.




        Classically confined snaps must be reviewed by the snap store
        reviewers team before they can be published in the stable channel.
        Snaps which use classic confinement may be rejected if they don’t meet
        the requirements.



        Users should not attempt to override a strictly confined snap to make
        it ‘classic’ as this undoes the confinement and interfaces defined by
        the developer. In addition applications published as strict snaps may
        misbehave when installed with the ‘–classic’ switch.




        As for a recommendation, you'll need to weigh the risks in your own mind. Consider the publisher of the software, their reputation/recognition and the fact that classic confinement snaps are reviewed before being published. Classic confinement is not all that different than having done a traditional apt install in terms of the access it allows to the program.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered 32 mins ago









        Jeff H.Jeff H.

        31629




        31629






















            Philippe Moisan is a new contributor. Be nice, and check out our Code of Conduct.










            draft saved

            draft discarded


















            Philippe Moisan is a new contributor. Be nice, and check out our Code of Conduct.













            Philippe Moisan is a new contributor. Be nice, and check out our Code of Conduct.












            Philippe Moisan is a new contributor. Be nice, and check out our Code of Conduct.
















            Thanks for contributing an answer to Unix & Linux Stack Exchange!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.





            Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


            Please pay close attention to the following guidance:


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f493033%2fwhat-are-the-dangers-of-using-snaps-classic-confinement%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            Entries order in /etc/network/interfaces

            Image
            4 I have a device with two interfaces, eth0 and eth1. One should get its IP from a DHCP server and the other should get its IP statically. If my /etc/network/interfaces file is configured as follows: auto lo iface lo inet loopback auto eth1 iface eth1 inet dhcp iface eth1 inet6 auto auto eth0 iface eth0 inet static address 10.10.10.10 netmask 255.255.255.0 Everything works great, eth1 gets its IP from the DHCP server, eth0 sets its IP statically from the information given, but if I try to change the order in the file, such as auto lo iface lo inet loopback auto eth0 iface eth0 inet static address 10.10.10.10 netmask 255.255.255.0 auto eth1 iface eth1 inet dhcp iface eth1 inet6 auto In this case, eth1 fails to get an IP. Does the /etc/network/interface care about th...
            Read more

            新発田市

            Image
            しばたし 新発田市 市のシンボル・新発田城(二の丸隅櫓) 新発田市旗 1934年7月9日制定 新発田市章 1934年7月9日制定 国 日本 地方 中部地方、北陸地方 甲信越地方、信越地方 都道府県 新潟県 団体コード 15206-4 法人番号 5000020152064 面積 533.10 km 2 総人口 96,267 人 [編集] (推計人口、2018年10月1日) 人口密度 181 人/km 2 隣接自治体 新潟市、阿賀野市、胎内市、北蒲原郡聖籠町、東蒲原郡阿賀町 福島県喜多方市 山形県西置賜郡小国町 市の木 サクラ 市の花 アヤメ 市のシンボル 新発田城 新発田市役所 市長 [編集] 二階堂馨 所在地 〒 957-8686 新潟県新発田市中央町3丁目3番3号 北緯37度56分52.5秒東経139度19分38.2秒 外部リンク 公式ウェブサイト ■ ― 政令指定都市 / ■ ― 市 / ■ ― 町 / ■ ― 村 地理院地図 Google Bing GeoHack MapFan Mapion Yahoo! NAVITIME ゼンリン   表示   ウィキプロジェクト 新発田市中心部周辺の空中写真。 1975年撮影の8枚を合成作成。国土交通省 国土画像情報(カラー空中写真)を基に作成。 新発田市 (しばたし)は、新潟県下越地方にある市である。新潟市への通勤率は16.6%(平成22年国勢調査)。 目次 1 概要 2 地理 2.1 隣接している自治体・行政区 3 地域・市街地構成 4 歴史 4.1 市名の由来 4.2 沿革 5 人口 6 行政 6.1 市長 7 経済 7.1 産業 7.1.1 市内の主な企業 7.1.2 漁業 8 姉妹都市・提携都市 8.1 国内 8.2 海外 9 施設・...
            Read more

            Grub takes very long (several minutes) to open Menu (in Multi-Boot-System)

            Image
            0 I have a Multi-Boot-System with 4 different installations of Linux. (1 Manjaro, 3 Mint) spread over 2 hard drives (2 on each). After doing grub-install /dev/sdX and update-grub several times within each installation ... the Grub-menu needs more and more time to open. It started with a few more seconds, now it takes several minutes. I tried to purge and reinstall Grub but this made the problem even worse: apt-get purge grub grub-pc grub-common apt-get install grub-common grub-pc os-prober update-grub What could be causing this problem? linux grub2 multiboot share | improve this question edited 4 mins ago ...
            Read more